package com.yaoxun.bored.controller.main;

import java.util.List;

import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;

import com.yaoxun.bored.common.Constant;
import com.yaoxun.bored.common.JsonObject;
import com.yaoxun.bored.model.sys.role.SessionRole;
import com.yaoxun.bored.model.sys.user.LoginUser;
import com.yaoxun.bored.model.sys.user.SessionUser;
import com.yaoxun.bored.service.sys.role.RoleService;
import com.yaoxun.bored.shiro.credential.PasswordHashedHelper;
import com.yaoxun.bored.util.enums.JsonStatus;
import com.yaoxun.bored.validator.ValidatorHelper;

/**
 * 登录控制器
 * @author Loren
 * @createTime 2018年1月23日 下午5:30:01
 */
@Controller
public class LoginController {
	
	@Inject
	private PasswordHashedHelper passwordHashedHelper;
	
	@Inject
	private RoleService roleService;
	
	@Inject
	private HttpServletRequest request;
	
	@Inject
	private ValidatorHelper validatorHelper;
	
	/**
	 * 登录页面
	 * @author Loren
	 * @createTime 2018年1月23日 下午5:30:16
	 * @return
	 */
	@RequestMapping(value={"/", "/login"}, method=RequestMethod.GET)
	public String login() {
		return "login";
	}
	
	/**
	 * 登录获取
	 * @author Loren
	 * @createTime 2018年1月29日 下午3:42:03
	 * @param user
	 * @return
	 */
	@RequestMapping(value="/login", method=RequestMethod.POST)
	@ResponseBody
	public JsonObject login(LoginUser user) {
		JsonObject jsonObject = new JsonObject();
		BindingResult bindingResult = validatorHelper.validate(user);
		if(bindingResult.hasErrors()) {
			jsonObject.setStatusMsg(JsonStatus.FAIL, bindingResult.getFieldError().getDefaultMessage());
			return jsonObject;
		}
		UsernamePasswordToken token = new UsernamePasswordToken(user.getAccount(), user.getPwd(), request.getRemoteAddr());
		Subject subject = SecurityUtils.getSubject();
		try {
			subject.login(token);
		} catch (UnknownAccountException e) {
			jsonObject.setStatusMsg(JsonStatus.FAIL, "账号不存在");
			return jsonObject;
		} catch(IncorrectCredentialsException e) {
			jsonObject.setStatusMsg(JsonStatus.FAIL, "账号或密码不正确");
			return jsonObject;
		}
		//设置角色
		SessionUser sessionUser = (SessionUser) SecurityUtils.getSubject().getPrincipal();
		List<SessionRole> roles = roleService.selectByUserId(sessionUser.getUserId());
		sessionUser.setSessionRoles(roles);
		return jsonObject;
	}
	
	/**
	 * 校验码判断
	 * @author Loren
	 * @createTime 2018年1月31日 下午4:04:53
	 * @param vcode
	 * @return
	 */
	private boolean vcode(String vcode) {
		String sessionCode = (String) request.getSession().getAttribute(Constant.VCODE_SESSION_NAME);
		if(sessionCode != null) {			
			if(vcode.equalsIgnoreCase(sessionCode)) {
				return true;
			}
		}
		return false;
	}
	
	@RequestMapping("/testHash")
	@ResponseBody
	public String testHash() {
		String hashed = passwordHashedHelper.hashed("123456", "123456");
		return hashed;
	}
	
}
